a friend of mine was recently contacted by a renowned software house because he was using a cracked version of a famous architecture software.
The software house representative asked him and his colleagues to pay a fee since they had tracked their illegal use of the software for years otherwise they would have triggered a legal action against him and colleagues.
At this stage, I wondered how could cracked software communicate with the software house and how they are able to discover fraudulent users whereas the appropriate authorities (Italian Financial Police) should act and usually don’t.
I’m working with an American multinational corporate I do not need to work with cracked software luckily, by the way, I sometimes use it for fun/personal use (e.g. messing around with Photoshop etc.).
Given this - do you believe that the request of the software house is real? Could it be a SCAM?
How can someone protect himself? VPN is enough? a VPN with a router and kill-switch is required?
I think you may be confused about what a VPN does and does not. In the most basic form, all a VPN does is route all of your traffic to some endpoint, essentially obfuscating your location (based on IP). All of the traffic then heads to its normal destination.
That being said, there is significantly more ways to identify things. Keep in mind your public IP means nothing in the grand scheme of things. Just because I have your IP address doesn’t mean I know what software you use for example. In the same way that if you tell me your home address doesn’t mean I know which tv shows you watch.
In this case, its impossible to tell how much information is being passed through, or what information. He could have signed a mailing list of the software with his email. The software could be sending user metrics back home indicating its not licensed, it could be sending metrics saying there’s a keygen installed. It could be passing metrics saying the license key its using is invalid and used by 10,000+ other people. It could be sending all kinds of stuff back home that give them an idea of who’s using the pirated software.
That being said, It could be a scam if the person who originally pirated and distributed the software is now acting as the software owners in order to collect money. But you really could just check this yourself. If it was an email, verify the domain. If it was a phone call, call the company back on your own to an actual phone number you can verify. On expensive software, especially for enterprise software, its not uncommon for the software corp to identify these things and give you the opportunity to fix it before it becomes a legal battle.
I don’t know enough to answer your question, but this sounds like it could be a scam, or there is more to the story.
If you’re using software on your PC, the developer might be able to see things like what brand and specs you have and your IP address, but they wouldn’t be able to get any contact details for you, unless you gave them those details.
In theory, if they know your IP address they could figure out who your ISP is and your ISP would have your contact details, but they wouldn’t just give out this information. Maybe if the police were involved, but I don’t know how that works.
Thanks for your reply. However, the contact who called also sent an email from the certified email account of the software house and according to other Engineering and Architecture professionals, it seems that no SCAM is in place.
In light of this, it might be that they have sent their contact details. Or another topic could be that they recognized the address of the physical office from the IP address. Could it be? Maybe comparing the information with Google Maps…
I reckon your friend isn’t telling you the full story, there’s isn’t a way to get a physical address from an IP, only the ISP has this information.
Have a look at iplocation.net - it only gives you an approximate location (for me, it just says my city) and this is all they could see.
Using a VPN would mean they couldn’t see who your ISP was, but I don’t know if it would help in this case as I don’t know how the software house got their contact info
Well, I guess that given an approximate location, you might search on the web the architecture studio in the proximity and call them pretending that you have enough data to denounce them. I guess it was like this.
Quite possibly, but they would still need to know that it was a studio that was doing this, it could have been anyone in that same city.
It also seems like a lot of work for a software company to do, as someone else said, your friend might have created an account or signed up to a mailing list or something inadvertently.
Not saying you’re wrong, just that this is more common